CSRF and XSS are still important: don’t leave any security vulnerabilities which might allow an evil website out on the internet to run JavaScript that steals data from your behind-the-firewall web application.

Learn to program. You don’t need to learn programming to the standard where you could work professionally as a software engineer, but having enough programming knowledge to write some simple programs and automate some simple tasks will make you enormously more capable when it comes to working with programmers—or in business life in general.

What I’m writing here is the single most important take-away from my Sun years, and it fits in a sentence: The community of developers whose work you see on the Web, who probably don’t know what ADO or UML or JPA even stand for, deploy better systems at less cost in less time at lower risk than we see in the Enterprise.

The simple truth is that in the age of Web 2.0/3.0, in the era of cloud and utility computing, the application server is a commodity. A commercial, proprietary app server simply cannot survive in this environment anywhere outside the lethargic, soft-padded walls of the enterprise.